Welcome to SGCyberSecurity forum!

Feel free to discuss any topics relating to cybersecurity with the rest of the security community in this forum.

Web pen testing on Prod and UAT

54 years 9 months ago #2992 by o_wendyt

UAT on new application before launch to production. Fix the gaps before launch.

Production will be an annual one in accordance with TRM as company is under MAS regulations. Usually done during weekends or maintenance windows.

54 years 9 months ago #2999 by o_howard

Typically, a UAT environment should mirror the Prod so that all the controls are the same. And after testing or any scanning done at UAT, ensure the UAT environment is safe before pushing the same patch to Prod. But if you are going to do a web pen test on Prod, I would suggest doing black box testing and, before that, just do a backup of everything.

54 years 9 months ago #3000 by o_mandyplayhard

thank u all for the advice. :)

54 years 9 months ago #3006 by o_howard

u r welcome but seriously, just backup first. u wouldn't want ur management folks to scream if there's any data lost during the web PT

7 years 8 months ago #2991 by o_mandyplayhard

ask u guys, do u perform web PT on both Prod and UAT or either one? I know prod may seem tricky as it's live data but if we dun do on Prod then we won't know if it's susceptible to vulnerabilities. opinions?

7 years 8 months ago #3014 by o_twentysomething

@mandyplayhard I think better scan UAT, last time I scan prod and mess up some prod data and got scolded by boss. ur prod and uat should have same controls then at least make sense.
